Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/28/2019
12:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Bots Plague Ticketing Industry

Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.

While bad bots are a problem across many industries, the ticketing industry has experienced a dramatic increase in such traffic over the past couple of years. And much of that bad traffic occurs in our own backyard, with 85% of bad bots launched against ticketing companies originating in North America, according to a report released today by Distil Networks.

The report, "How Bots Affect Ticketing," also found the proportion of bad bots among ticketing companies has risen to 39.9% of all ticketing traffic. That's a notable increase from the 22.9% found in previous reports, and even that number was considered worse than the average for all industries.

Edward Roberts, director of product marketing at Distil Networks, says the number increased because of the greater number of ticketing companies included in this year's study, as well as the increase in volume of traffic analyzed.

"The sophistication of the bots and the ability of the organizations that propagate the bots to monetize them and survive as a business has also increased," Roberts says. "Whether it's brokers, scalpers, hospitality agencies, corporations, or criminals, they can lock down tickets, buy them at a cheaper price, and sell them at a premium on a secondary market."

Christopher Rodriguez, a research manager for cybersecurity products at IDC, says he has observed this kind of activity in many other industries, including retail, travel and hospitality, and financial services.

"That's why companies are looking at bot mitigation products such as from Distil, Akamai, PerimeterX, ShieldSquare, and Shape Security," Rodriguez says. "These products do device fingerprinting and tracking, looking how long a user dwells on a certain page, the movement of the mouse and how quickly they type, all in an effort to determine if the user is legitimate."

Criminals at Work
Though criminal elements are a much smaller share of the bad bot ticketing market compared with brokers, scalpers, and other companies, they seek to compromise customer accounts via credential stuffing, Distil's Roberts says.

By running stolen credentials against the login pages of ticketing platforms, bots identify the accounts where access was granted. Once inside the account, any stored tickets (usually two to four tickets at a time) can be stolen or transferred to another account. And once inside an account, any stored credit card and personal information could be stolen or used to commit fraud. The bots also steal customer loyalty points, a problem that has become prevalent with season ticket holders of European soccer teams.

"Ticketing companies need to pay attention to public data breaches because any time there's a major breach, the criminal will hit the names on that list," Roberts says. "Companies also need to consider blocking the known hosting providers for bot operators."

According to the report, ticketing has long experienced the evolution of the bot problem. As the ticketing industry moved online in the 1990s, it was the first industry to suffer from malicious bot operators using automated attacks to hold and scalp tickets. Following complaints by customers and increased pressure from artists, it was also the first industry to adopt legislation as an additional tool in the war on bad bots. In 2016, the US passed the Better Online Ticket Sales (BOTS) Act, which outlawed the resale of tickets purchased using bot technology and imposed fines. The UK, Australia, and parts of Canada have enacted similar legislation.

The latest report on the ticketing industry follows a report Distil issued last year on the airline industry, in which it found that 43.9% of all traffic on airlines websites came from bad bots, Roberts says.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/7/2019 | 7:20:02 AM
Re: External Requests
For comparison, I remember when my father's company subscribed to the old Sabre system for reservations and had an ancient (by today's standards) Western Union terminal (keyboard, roll of paper) in the office.  It was totally secure not only because there were not threats back then but it was so basic.  As we have gotten more complex we have sacrificed speed and covenience for security.  There is alot to be said for DOS 6.22 in some ways.  i could build a machine and do most of my basic work sans internet and you can just TURN IT OFF without shutdown.  (Side note - remember parking the heads? )
schopj
50%
50%
schopj,
User Rank: Strategist
2/28/2019 | 1:06:57 PM
Re: External Requests
How exactly would Ticket Master restrict ticketing to only internal entities?  We're not talking about internal ticketing systems, we're talking about concert and airline ticket sales online getting hit with bots.  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/28/2019 | 12:56:18 PM
External Requests
I would imagine this is prevalent for ticketing systems that allow external entities to submit requests. If you restrict ticketing to only internal entities and trusted clients you will see a downturn in this activity.

If you are seeing bot traffic originate internally then you have bigger problems.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17478
PUBLISHED: 2020-08-10
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.
CVE-2020-15648
PUBLISHED: 2020-08-10
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
CVE-2020-15649
PUBLISHED: 2020-08-10
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR...
CVE-2020-15650
PUBLISHED: 2020-08-10
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Fir...
CVE-2020-15651
PUBLISHED: 2020-08-10
A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.